Hey @Bastien_Siebman, great to hear from you! Sorry for the delay in getting back to you.
Our rate limits are for the combination of (user, app, organization). In other words, one user using one app in one organization might get throttled, but that user may not be throttled in a separate organization or when using a different app. The set of all three are used for the “bucket” of our rate limits.
When it comes to PATs and bot accounts, then, if that one PAT does a lot of API work in a single organization it may use its allocation up: it’s a single app, acting as a single user (the bot account), in a single organization. This is one reason that it can be beneficial to use a “regular” OAuth app: that app can be authorized and behave as multiple users (and therefore gets a rate limit allocation for each user). That being said, I don’t believe it should be true that one PAT working across multiple organizations would have its own single pool of requests for all of those organizations.
I hope that helps! Let me know if you have any follow-up questions!